Credit cards are an indispensable part of today's economy. Millions of people around the world use credit cards every day to purchase goods and services. In general, a bank issues a credit card to an individual or organization. Such an individual or organization is referred to as a “cardholder.” After a bank issues a credit card to a cardholder, the cardholder can use the credit card to make charges against a line of credit extended to the cardholder by the bank.
A typical credit card is associated with several pieces of information. These pieces of information include a card number, an expiry date, and a service code. A card number is a sequence of digits that identifies a bank that issued the credit card and an account number that is specific to the cardholder. In some circumstances, a card number is also referred to as a “primary account number” (PAN). An expiry date of a credit card indicates a date when the credit card expires. A service code of a credit card indicates how the cardholder is permitted to use the credit card.
In addition, a credit card may be associated with a first card verification value and a second card verification value. The first card verification value (CVV1) and the second card verification value (CVV2) are values used to increase protection against credit card fraud. An issuing bank may generate the CVV1 of a credit card by digitally encrypting the card number, the expiry date, and the service code of the credit card using a secret encryption key. The issuing bank may generate the CVV2 of a credit card by digitally encrypting the same information using a different encryption method. The CVV1 of a credit card, along with the card number, expiry date, and service code of the credit card, is typically stored in a magnetic stripe on the back of the credit card. Because the CVV1 of the credit card is stored in the magnetic stripe of the credit card, the CVV1 of the credit card is not visible to the cardholder. The CVV2 of a credit card is typically printed on the back or front of the credit card such that the CVV2 of the credit card is visible to the cardholder.
A cardholder can use a credit card to initiate an economic transaction in a variety of ways. For instance, a cardholder could present a credit card to a merchant at a point of sale. In this instance, the merchant could swipe the credit card through a device that reads information stored in a magnetic stripe on the back of the credit card. The merchant then uses the information stored in the magnetic stripe, including the CVV1 of the credit card, to complete the credit card transaction. In another instance, a cardholder could provide credit card information to a merchant without presenting the physical credit card to the merchant. In this instance, the cardholder enters the card number, the expiry data, and the CVV2 of the credit card into a web page presented by a web browser application. The web browser application then electronically transmits the credit card information via a network (e.g., the Internet) to the merchant. After receiving the information via the network, the merchant uses the information to complete the transaction.
In general, the CVV1 of a credit card reduces the risk of credit card fraud by preventing someone who knows all of the visible information on a credit card from making a counterfeit credit card that is useable in a card reader. For instance, a person could copy the visible information of a credit card and program this information onto a counterfeit card with a magnetic stripe. However, this person would not know the CVV1 of the credit card from visual inspection and would not be able to derive the CVV1 of the credit card from any visible information on the credit card. Therefore, when this person attempts to use the counterfeit card, the card is declined because the magnetic stripe of the counterfeit card does not include the CVV1 of the credit card.
In general, the CVV2 of a credit card reduces the risk of credit card fraud by helping to ensure that the user of the credit card actually has physical possession of the credit card. To illustrate why the CVV2 of a credit card may help ensure that the user of the credit card actually has physical possession of the credit card, consider that merchants typically maintain records of all of the information stored in the magnetic stripes of credit cards used to purchase goods or services from the merchants. A malicious party could use this information to create a counterfeit card having a magnetic stripe that includes the CVV1 of the credit card. However, merchants are prohibited from storing CVV2 values of credit cards. Furthermore, most online merchants require the submission of CVV2 values with online purchases. Thus, a thief who has access to the information stored in a magnetic stripe of a credit card would not be able to purchase goods or services from such online merchants.
However, the CVV1 and the CVV2 of a credit card do not prevent all types of credit card fraud. For instance, a thief who has all of the information printed on the credit card (i.e., the card number, the expiration date, and the CVV2) could use this information to complete an online purchase. A thief could obtain the information printed on the credit card in a variety of ways. For instance, the thief could open mail that contains the credit card before the credit card is delivered to the proper cardholder. In this instance, the thief could copy down the information, reseal the envelope, and forward the envelope to the proper cardholder.